Key Exchange: From Carrying Handcuffed Briefcases To Modern Cryptosystems

Post navigation

You should be familiar to handcuffed briefcases in spy movies. Most probably, shared secret key is in the briefcase and the agent transfers the secret key between parties in old fashioned way. Either courier’s hand is cut or he is kidnapped to steal the briefcase. So, handcuffs could not guarantee the security of the briefcase and key.

Public key cryptography gives us opportunity to securely transfer secret keys in insecure channels such as internet or broadcasting. Alternative public key algorithms depend on exponential computations and they work on large numbers. That’s why, they have high computation costs. Herein, elliptic curves offer faster computations for key exchange operations. Previous posts related to elliptic curves are described theoretically. Now, we’ll put the theory into the practice as a real world example. Basically, key exchange could be applied by point addition and scalar point multiplication.

Suppose that Alice picks up her private key ka. Alice would compute her public key with multiplying her private key and public base point G. Then, Bob multiplyies Alice’s public key (Bob knows Alice’s public key because its public) and his private key kb. Likewise, Bob would compute his public key with multiplying his private key and public base point G. After then, Alice will multiply Bob’s public key and her private key ka. Finally, Alice and Bob both retrieves same shared secret key. This algorithm is also called as Elliptic Curve Diffie Hellman.

Let’s monitor the algorithm with real world values. Firstly, we’re going to use the following entity class to store 2D point coordinates.

As illustrated above, key exchange is completed in milliseconds even though worked with very large numbers. Also, the code is run with a personal laptop (HP EliteBook 8570p, Intel(R) Core(TM) i7-3540M CPU @ 3.00GHZ, 8.00 GB RAM, 64-bit OS)

How Secure?

Of course, computing Alice’s private key from her public key is possible. However, computation time would last too long with brute force attack in worst case scenario. The following code applies sample brute force attack. It starts from base point G and applies point addition repeatly until it reaches to the public key. Basically, private key equals to the iteration count. Let’s look at the computational cost of attacking over private key value.

As demonstrated above, computation time of key exchange operation remains stable while private key value increased. In contrast, computation time of successful attack (in worst case) increases linearly while private key value increased. Maximum scale of the illustration equals to the 20 bit integer (1M), and successful attack approximately lasts 2 minutes. Minimum length of 256 bit private keys are strongly suggested by NIST for elliptic curve cryptosystems to offer same level security of AES-128. Moreover, trendline equation of the successful attack line is y = (6.0808x/50000) + 0.8818. This means 128 bit key requires more than 13×1026 years to solve with a single computer in the worst case scenario. If 1T (1012) computers run in parallel, then private key could be solved in 13×1014 years. As known, the age of the universe is 13×109.